IAPP AIGP Dumps

When monitoring the functional performance of a model deployed into production, concerns typically include feature drift, model drift, and data loss. Feature drift refers to changes in the input features that can affect the model ' s predictions. Model drift is when the model ' s performance degrades over time due to changes in the data or environment. Data loss can impact the accuracy and reliability of the model. However, system cost, while important for budgeting and financial planning, is not a direct concern when monitoring the functional performance of a deployed model. Reference: AIGP Body of Knowledge on Model Monitoring and Maintenance.

The correct answer isB – Proprietary methods. While transparency is important, organizations arenot obligated to disclose proprietary algorithms, methods, or trade secretsin public disclosures.

From the AIGP Body of Knowledge – Transparency & Disclosures:

“AI system users should disclose the purpose, capabilities, limitations, and applicable legal context—but not sensitive IP.”

AI Governance in Practice Report 2025 (Transparency Section) states:

“Disclosure requirements balance public understanding with the need to protect proprietary business interests. Proprietary training methods are not expected to be disclosed.”

Thus, while it’s best practice to disclose theintended purpose, legal compliance, and system limitations,internal proprietary techniquesare usually excluded.

===========

Anonymization is a privacy-enhancing technique that involves removing or permanently altering personal data elements to prevent the identification of individuals. In this case, the company obfuscated all personal data elements before training the model, which aligns with the definition of anonymization. This ensures that the data cannot be traced back to individuals, thereby protecting their privacy while still allowing the company to derive value from the dataset. Reference: AIGP Body of Knowledge, privacy-enhancing techniques section.

The correct answer is A because it directly demonstrates meaningful human oversight over AI-generated outcomes, which is a key requirement in AI governance frameworks and regulations such as the EU AI Act. Human oversight requires that a qualified human can review, intervene, and override AI decisions before they produce legal or significant real-world effects. In high-risk contexts like healthcare diagnostics, governance frameworks emphasize “human-in-the-loop” controls to prevent harm and ensure accountability. Option A ensures a licensed medical professional validates the AI output before it is finalized, aligning with safety, accountability, and risk mitigation principles. Other options describe training, system design, or monitoring, which are important governance measures but do not constitute direct oversight of individual AI decisions at the point of impact, making them insufficient under strict regulatory expectations.

According to the Canadian Artificial Intelligence and Data Act, high-impact AI systems must notify the Minister of Innovation, Science and Industry upon initial deployment. This requirement ensures that the authorities are aware of the deployment of significant AI systems and can monitor their impacts and compliance with regulatory standards from the outset. This initial notification is crucial for maintaining oversight and ensuring the responsible use of AI technologies. Reference: AIGP Body of Knowledge, domain on AI laws and standards.

Developing a social media presence for a non-profit is best served by non-AI solutions. This task primarily involves content creation, community engagement, and strategic planning, which are effectively managed by human expertise and traditional marketing tools. AI is more suitable for tasks requiring automation, large-scale data analysis, and personalized recommendations, such as e-commerce personalization, forecasting cost overruns, or automating customer service responses. Reference: AIGP Body of Knowledge on AI Use Cases and Applications.

Forcustomizable, interpretable modelsthat allow organizations toretain control and avoid vendor lock-in,classic ML models(e.g., regression, decision trees, random forests) are optimal.

From theAI Governance in Practice Report 2025:

“Organizations seeking transparency, customizability, and control often prefer classic ML models due to their flexibility and ease of governance.” (p. 33)

AandCmay have limited transparency and are often tied to specific providers.

Dinvolves ongoing costs and limited model control.

Under the EU AI Act, high-risk AI systems like Crime Buster 9619 would require a detailed conformity assessment before being deployed in the EU market. This assessment ensures that the AI system complies with all relevant regulations and standards, addressing potential risks related to privacy, security, and discrimination. The company would not need to register the tool with the EU database (A), seek approval from an EU authority (B), or face a ban (D) as long as it meets the necessary conformity requirements​​​​.

When designing an integrated compliance strategy for responsible AI, the least likely step would be employing a new software platform to modernize existing compliance processes. While modernizing compliance processes is beneficial, it is not as directly related to the strategic integration of ethical principles and stakeholder concerns. More critical steps include conducting assessments of existing compliance programs to identify overlaps and integration points, consulting experts on ethical principles, and launching surveys to understand stakeholder concerns. These steps ensure that the compliance strategy is comprehensive and aligned with responsible AI principles. Reference: AIGP Body of Knowledge on AI Governance and Compliance Integration.

The most critical reason for documenting AI-related risks is toreduce exposure to legal, regulatory, and reputational liabilities. Clear documentation demonstrates thatrisks were identified, assessed, and addressed, which is essential for accountability and defensibility in the face of audits, litigation, or enforcement actions.

From theAI Governance in Practice Report 2025:

“An effective AI governance model is about collective responsibility… which should encompass oversight mechanisms such as privacy, accountability, compliance.” (p. 13)

“Accountability… is based on the idea that there should be a person or entity that is ultimately responsible for any harm resulting from the use of the data, algorithm and AI system ' s underlying processes.” (p. 28)

While transparency, alignment with standards, and knowledge sharing are all secondary benefits,risk documentation’s primary role is liability mitigation.

When notifying an accused perpetrator, the police officer should provide information about how the individual was identified by the AI system. This transparency is crucial for maintaining trust and ensuring that the accused understands the basis of the charges against them. Information about the accuracy, how to oppose the charges, and the composition of the training data, while potentially relevant, do not directly address the immediate need for the accused to understand the specific process that led to their identification. Reference: AIGP Body of Knowledge on AI Transparency and Explainability.

In the context of AI, particularly generative models, " hallucination " refers to the generation of outputs that are not based on the training data and are factually incorrect or non-existent. The scenario described involves the generative AI tool providing incorrect and non-existent information about restaurants, which fits the definition of hallucination. Reference: AIGP BODY OF KNOWLEDGE and various AI literature discussing the limitations and challenges of generative AI models.

Theinitial deployment phaseof an AI model is critical forpost-deployment monitoring. When tracking forbias, the most important task is tocontinue disparity testingto determine whether outputs differ across protected groups.

From theAI Governance in Practice Report 2025:

“Performance monitoring protocols… should include mechanisms to assess and measure disparities in outcomes across different demographic groups.” (p. 12)

“Bias may not be evident during pre-deployment testing but can emerge in real-world use.” (p. 41)

B. Awareness trainingis helpful, but not a technical bias mitigation activity.

C. Analyzing training datais apre-deploymenttask.

D. Documenting human decisionsmay support auditability but doesn’t detect bias in AI outputs.

Establishing a global AI governance infrastructure involves several key elements, including providing training to foster a culture that promotes ethical behavior, creating policies and procedures to manage third-party risk, and understanding differences in norms across countries. While publicly disclosing ethical principles can enhance transparency and trust, it is not a core element necessary for the establishment of a governance infrastructure. The focus is more on internal processes and structures rather than public disclosure. Reference: AIGP Body of Knowledge on AI Governance and Infrastructure.

Retraining an LLM (Large Language Model) is primarily done to improve or maintain its performance as data changes over time, to fine-tune it for specific use cases, and to incorporate new data interpretations to enhance accuracy and relevance. However, ensuring interpretability of the model ' s predictions is not typically a reason for retraining. Interpretability relates to how easily the outputs of the model can be understood and explained, which is generally addressed through different techniques or methods rather than through the retraining process itself. References to this can be found in the IAPP AIGP Body of Knowledge discussing model retraining and interpretability as separate concepts.

The correct answer is C because performing an impact assessment is the most effective proactive measure to identify and mitigate discrimination risks before model training and testing. AI governance frameworks emphasize early-stage risk identification, particularly for high-stakes domains like healthcare, where bias can lead to harmful or inequitable outcomes. Impact assessments, such as algorithmic or data protection impact assessments, evaluate potential harms, affected populations, and fairness risks prior to development. This enables organizations to design appropriate safeguards, adjust data selection, and implement mitigation strategies before biases become embedded in the model. Options like audits and bias bounty programs are reactive or post-development controls, while simply acquiring more data does not guarantee reduced bias without proper analysis. A structured impact assessment aligns with risk-based governance and supports fairness, accountability, and regulatory compliance.

Testing data is a subset of data used to provide a robust evaluation of a final model. After training the model on training data, it is essential to test its performance on unseen data (testing data) to ensure it generalizes well to new, real-world scenarios. This step helps in assessing the model ' s accuracy, reliability, and ability to handle various data inputs. Reference: AIGP Body of Knowledge on Model Validation and Testing.

Private LLMs offer advantages likecustomizability,reduced hallucination,confidentiality, andalignment with enterprise-specific tasks, but theydo not inherently reduce the time or effortneeded fordata validation or verification— which remains an essential step regardless of model privacy.

From the AI risk and quality sections:

“Ensuring the quality of the data… is highly contextual and must be validated regardless of the model’s deployment environment.” (p. 17)

B, C, Dare legitimate benefits of private LLMs.

Ais incorrect — validation still requires time and resources.

The correct answer is D because Privacy Impact Assessments are already structured processes designed to identify risks related to data use, processing, and potential harm to individuals. These assessments can be readily adapted to evaluate AI-specific risks, such as bias, automated decision-making impacts, and data protection concerns. AI governance frameworks emphasize leveraging existing compliance mechanisms to efficiently integrate AI risk management without duplicating processes. Privacy impact assessments align closely with AI risk evaluation because they examine how personal data is collected, used, and protected throughout the system lifecycle. Other options, such as penetration testing or training, focus on narrower objectives like security or awareness and are not comprehensive tools for identifying broader AI risks. Adapting PIAs supports a risk-based, scalable, and governance-aligned approach to managing AI systems.

The core ethical concern when deploying diagnostic AI in a healthcare setting is ensuringfairness and accuracy across diverse patient populations. If the AI is trained on a dataset that isnot representativeof the population it will serve, it risks reinforcing health disparities and leading to misdiagnoses.

From theAI Governance in Practice Report 2025:

“Training datasets lacking in diversity can produce outputs that systematically underperform for certain groups… this can lead to inaccurate or biased outcomes in healthcare settings.” (p. 41)

“Bias, discrimination and fairness challenge… inadequate or nonrepresentative training data can result in AI systems that propagate historical disparities.” (p. 42)

While physician oversight may reduce risk,biased data can still shape clinical decision-making.

A– Economic benefit is not central to ethical risk here.

C– Important but less critical than data representativeness.

D– Error rate matters but is addressed via validation; it’s not the core ethical issue.

The correct answer is D because conformity requirements are primarily intended to ensure that AI systems meet applicable legal, regulatory, and safety standards before deployment. AI governance frameworks, including the EU AI Act and international standards, require conformity assessments to verify that systems are safe, reliable, and compliant with risk management, documentation, and performance obligations. These assessments help identify and mitigate risks prior to market release, particularly for high-risk AI systems that may impact individuals’ rights, health, or safety. Conformity ensures accountability, transparency, and trustworthiness, which are central principles of responsible AI governance. The other options relate to usability or technical considerations, but they do not address the pri mary purpose of conformity assessments, which is regulatory compliance and risk mitigation prior to deployment.

In the machine learning context, feature engineering is the process of extracting attributes and variables from raw data to make it suitable for training an AI model. This step is crucial as it transforms raw data into meaningful features that can improve the model ' s accuracy and performance. Feature engineering involves selecting, modifying, and creating new features that help the model learn more effectively. Reference: AIGP Body of Knowledge on AI Model Development and Feature Engineering.

The correct answer isA. Sending ads to construction companies (business entities) rather than individual workers isa business targeting decision, not inherently a biased AI output.

From the AIGP ILT Participant Guide – Bias & Fairness Module:

“Biased outputs often include stereotyping, exclusion of underrepresented groups, or reinforcing harmful societal assumptions.”

Examples likeinsufficient representation of minority groupsorgender-stereotyping in visuals or languageare typical manifestations of bias.

AI Governance in Practice Report 2025 also notes:

“Bias in generative models may manifest in representation gaps, stereotyping, or unequal performance across demographic groups.”

Option A, by contrast, describes adistribution strategy, not a bias generated by the AI model.

===========

Before offering an AI solution in the EU market, a Canadian company must take several steps to comply with the EU AI Act. These steps include establishing a risk and quality management system (B), engaging a third-party auditor to perform a bias audit (C), and drawing up technical documentation and instructions for use (D). However, there is no requirement to register the AI solution in a public EU database (A). This registration step is not specified as part of the compliance requirements under the EU AI Act for such solutions​​​​.

The White House Blueprint for an AI Bill of Rights focuses on protecting civil rights, privacy, and ensuring AI systems are safe and effective. It includes principles like data privacy (D), human alternatives (A), and safe and effective systems (C). However, it does not specifically address high-risk mitigation standards as a distinct category (B).

The correct answer is D. Key stroke dynamics, used to identify individuals, fall under biometric data, which is a special category of personal data under the GDPR and other frameworks.

From the AI Governance in Practice Report 2025:

“Keystroke dynamics may constitute biometric data if used to uniquely identify an individual… Biometric data is classified as special category personal data and requires higher protection standards.”

Also reflected in ILT Participant Guide:

“Biometric data, such as facial images, voiceprints, iris scans or keystroke patterns, are treated as special category data when they are used for the purpose of uniquely identifying individuals.”

Risk probability/severity testing is not typically used to evaluate the performance of an AI system. While important for risk management, it does not directly assess an AI system ' s operational performance. Adversarial robustness, statistical sampling, and decision analysis are all methods that can help evaluate the performance of a responsible AI system by testing its resilience, accuracy, and decision-making processes under various conditions. Reference: AIGP Body of Knowledge on AI Performance Evaluation and Testing.

All of the options listed may pose copyright risks when teachers use generative AI to create course content, except for students must expressly consent to this use of generative AI. While obtaining student consent is essential for ethical and privacy reasons, it does not directly relate to copyright risks associated with the creation and use of AI-generated content.

In selecting the specific type of algorithm for the AI solution, the healthcare network ' s data science team is most important. This team possesses the technical expertise and understanding of the data, the clinical context, and the performance requirements needed to make an informed decision about which algorithm is most suitable. While the cloud provider and consulting firm can offer support and infrastructure, and the AI governance committee provides oversight, the data science team’s specialized knowledge is crucial for selecting and implementing the appropriate algorithm. Reference: AIGP Body of Knowledge, AI governance and team roles section.

The EU AI Act imposes severalmandatory obligationson high-risk AI systems, butpublishing a detailed report on training dataisnotone of them.

From theAI Governance in Practice Report 2025:

“It mandates drawing up technical documentation for high-risk AI systems, and requires high-risk AI systems to come with instructions for use that disclose various information, including characteristics, capabilities and performance limitations.” (p. 34)

“To make high-risk AI systems more traceable, it also requires AI systems to be able to automatically allow for the maintenance of logs throughout the AI life cycle.”

“Conducting post-market monitoring” and “conformity assessments” areexplicitrequirements for high-risk systems. (p. 34–35)

However,publishingdetailed training data is typicallyrequired only for general-purpose AI systems with systemic risk, not standard high-risk AI systems.

A. Log retention,B. Post-market monitoring, andC. Conformity assessmentsareall requiredunder the EU AI Act for high-risk systems.

The correct answer is D because it directly reflects core data and model quality principles such as accuracy, performance consistency, and real-world effectiveness across different user groups. AI governance frameworks emphasize that quality must be evaluated based on whether outputs are accurate, complete, and fit for purpose in real-world conditions. Measuring accuracy by user group also supports fairness and bias detection, which are essential components of trustworthy AI. Option D captures outcome-based performance and aligns with continuous monitoring expectations across the AI lifecycle. In contrast, options A and C focus more on operational or technical metrics, while B reflects user sentiment rather than objective quality. According to AI governance principles, high-quality AI systems require ongoing evaluation of outputs against real-world results to ensure reliability, validity, and safe deployment.

The correct answer is D because typical AI impact assessments focus on evaluating risks to individuals and society, particularly in areas such as fundamental rights, data protection, and safety. Frameworks like Data Protection Impact Assessments and Fundamental Rights Impact Assessments are designed to assess how AI systems may affect privacy, fairness, human rights, and potential harm to users. These assessments are core components of AI governance and are often required or recommended by regulations such as the GDPR and the EU AI Act. While options A, B, and C reference technical or operational considerations, they do not capture the broader societal and legal impacts that impact assess ments are intended to address. AI governance emphasizes a human-centric approach, ensuring systems are safe, lawful, and respectful of individual rights before deployment.

The correct answer is B because ensuring that training and testing data is representative is the most critical factor in mitigating bias in AI systems. AI governance frameworks emphasize that biased or unrepresentative datasets can lead to discriminatory outcomes, particularly when certain demographic groups are underrepresented or overrepresented. Representative data helps ensure that the model performs fairly and accurately across different populations. While privacy-enhancing tools and consent address legal and ethical data use, they do not directly prevent bias in model outcomes. Similarly, assessing the sufficiency of third-party data focuses on quantity rather than fairness or distribution. Effective bias mitigation begins with evaluating whether the dataset reflects the diversity and characteristics of the real-world population the AI system will impact.

The correct answer is Engagement of a cross-functional team. Effective AI governance requires collaboration among various organizational functions including legal, compliance, IT, ethics, and data science.

From the AIGP Body of Knowledge:

“AI governance cannot be siloed—it requires input and oversight from across departments... A cross-functional team ensures that ethical, technical, legal, and operational risks are all appropriately managed.”

Also confirmed in the ILT Participant Guide:

“Cross-functional teams allow organizations to bring in different perspectives... Legal, compliance, and technical experts must work together to ensure responsible AI outcomes.”

===========

The AI risk that would not have been identified during the procurement process based on the categories of information requested by the third-party consultant is security. The consultant focused on accuracy rates, diversity of training data, and system functionality, which pertain to performance and fairness but do not directly address the security aspects of the AI system. Security risks involve ensuring that the system is protected against unauthorized access, data breaches, and other vulnerabilities that could compromise its integrity. Reference: AIGP Body of Knowledge on AI Security and Risk Management.

The correct answer isB – Procedural. TheOECD Framework for Classifying AI Systemscategorizescodes of conduct and collective agreementsasprocedural toolsbecause they guide internal governance and decision-making processes.

From the AIGP ILT Participant Guide – Global Governance Models:

“Procedural tools include internal codes of conduct, collective agreements, and procedural audits that guide governance without necessarily involving technical measurement.”

AI Governance in Practice Report 2025 elaborates:

“These procedural tools support internal accountability mechanisms and ethics compliance frameworks… they are part of soft governance.”

These toolsdo not measure or analyze technical performance, hence they arenot technical or analytic.

===========

Ensuringoversight and auditabilityrequires that the organization hassufficient access to data, documentation, and model internalsor outputs necessary for evaluation.

From theAI Governance in Practice Report 2025:

“Access to technical documentation and system internals is essential to enable effective auditing, conformity checks, and accountability mechanisms.” (p. 11, 34)

Ais about liability, not auditability.

Bmatters for IP rights, not oversight.

Crelates to lifecycle responsibility but doesn’t guarantee audit access.

Biasis a common risk acrossboth proprietary and open-source models, andnot uniqueto proprietary deployments. All AI systems — regardless of origin — require evaluation for fairness, accuracy, and representativeness.

From theAI Governance in Practice Report 2025:

“Bias, discrimination and fairness challenges are present in both open and closed models, regardless of how the model is sourced.” (p. 41)

Small language models (SLMs)arelightweight, requireless compute, and arebetter suited to low-resource or edge environments, making them ideal for agility and efficiency.

From general AI best practices:

“SLMs can be deployed in environments with limited computing power, ensuring lower cost and faster integration in constrained contexts.” (aligned with industry-wide AI deployment strategies)

Training data is used to enable a model to detect and learn patterns. During the training phase, the model learns from the labeled data, identifying patterns and relationships that it will later use to make predictions on new, unseen data. This process is fundamental in building an AI model ' s capability to perform tasks accurately. Reference: AIGP Body of Knowledge on Model Training and Pattern Recognition.

The correct answer isA. Pre- and post-deployment testing ensuresbias, accuracy, and fairnessare evaluated and corrected as needed, which isessential for reputational risk mitigation.

From the AIGP Body of Knowledge:

“Testing AI systems before and after deployment is critical to ensure performance, fairness, and compliance. Failing to do so may result in reputational damage and legal exposure.”

AI Governance in Practice Report 2025 (Bias/Fairness and Risk Sections):

“System impact assessments, testing, and post-deployment monitoring are necessary to identify and mitigate risks… This supports both compliance and public trust.”

Testing is proactive, unlike indemnification (which transfers risk after damage), or requiring manual review (which defeats automation).

The most comprehensive way to identify a full range of risks — legal, ethical, operational, and societal — for a new AI model is through aformal impact assessment, such as aData Protection Impact Assessment (DPIA)orAlgorithmic Impact Assessment.

From theAI Governance in Practice Report 2025:

“Risk-based approaches are often distilled into organizational risk management efforts, which put impact assessments at the heart of deciding whether harm can be reduced.” (p. 29)

“DPIAs… help organizations identify, analyze and minimize data-related risks and demonstrate accountability.” (p. 30)

A. Environmental scanis too general.

B. Red teamingis useful for adversarial risk but not broad.

C. Integration testingfocuses on technical/system compatibility, not overall risk.

The correct answer is C, the Federal Trade Commission. The FTC plays a central role in U.S. AI governance by enforcing consumer protection and unfair or deceptive practices laws. In the context of AI systems such as companion chatbots, the FTC has authority to investigate risks related to user harm, transparency, safety, and misleading claims. AI governance frameworks emphasize regulatory oversight where AI systems may impact individuals psychologically, financially, or socially. Agencies like the FTC focus on ensuring that companies deploying AI systems do not cause harm through unsafe or deceptive practices and that they provide adequate disclosures about risks and system behavior. This aligns with broader AI governance principles of accountability, transparency, and risk management highlighted in the AI Governance in Practice Report 2024 , which stresses the importance of regulatory involvement in managing AI-related risks.

The failures in semi-autonomous vehicles due to sensors misinterpreting environmental surroundings, such as sunlight, are examples of brittleness. Brittleness in AI systems refers to their inability to handle variations in input data or unexpected conditions, leading to failures when the system encounters situations that were not adequately covered during training. These systems perform well under specific conditions but fail when those conditions change. Reference: AIGP Body of Knowledge on AI System Robustness and Failures.

Human-centric AI focuses on improving the human experience by addressing individual needs and enhancing human capabilities. Option D exemplifies this by using virtual assistants to tailor educational content to each student ' s unique abilities and needs, thereby supporting personalized learning and improving educational outcomes. This use case directly benefits individuals by providing customized assistance and adapting to their learning pace and style, aligning with the principles of human-centric AI.

The third-party consultant asked each vendor for information about the diversity of their datasets to assist in ensuring the fairness of the AI system. Diverse datasets help prevent biases and ensure that the AI system performs equitably across different demographic groups. This is crucial for a law enforcement application, where fairness and avoiding discriminatory practices are of paramount importance. Ensuring diversity in training data helps in building a more just and unbiased AI system. Reference: AIGP Body of Knowledge on Ethical AI and Fairness.

The EU AI Act explicitly prohibits the use of AI systems for social scoring by public authorities, as it can lead to discrimination and unfair treatment of individuals based on their social behavior or perceived trustworthiness. While AI can be used to promote equitable distribution of welfare benefits, manage border control, and even detect an individual ' s intent for law enforcement purposes (within strict regulatory and ethical boundaries), implementing social scoring systems is not permissible under the Act due to the significant risks to fundamental rights and freedoms.

The greatest risk from AI systems generatingrealistic synthetic mediaisdownstream harm, such asdeepfakes, misinformation, reputational damage, and erosion of trust.

From theAI Governance in Practice Report 2025:

“With generative AI, downstream harms such as deception, reputational damage, misinformation, and manipulation can emerge even if original use was lawful.” (p. 55–56)

The correct answer isD. While modernization through software may support efficiency, it isnot a foundational or essential componentof designing an integrated strategy.

From the AI Governance in Practice Report 2025:

“Integrated strategies rely on senior management support, ethical reviews, and stakeholder engagement... The use of tools and platforms may come later as an operational enhancement.”

Also confirmed in AIGP Body of Knowledge:

“Key components of a governance framework include leadership buy-in, ethical analysis, and stakeholder input. Tools are supporting elements—not strategic drivers.”

===========

The correct answer isB. " Candidate quality " isnota negative consequence of using AI—rather, it is the intendedbenefitof using such tools (e.g., more efficient filtering of strong candidates).

From the AIGP ILT Guide:

“Automation bias, disparate impact, and privacy risks are well-documented concerns in AI-assisted hiring. These risks may arise when AI models replicate biases present in training data or obscure the decision logic.”

AI Governance in Practice Report 2025 (Bias and Fairness Section) also warns:

“Improper AI use in hiring can lead to disparate impact, where neutral criteria disproportionately disadvantage protected groups.”

Candidate quality is agoal, not a risk, makingB the correct answerfor what isnota negative outcome.

===========

Performing an impact assessment is the best step to mitigate the possibility of discrimination before training and testing the AI solution. An impact assessment, such as a Data Protection Impact Assessment (DPIA) or Algorithmic Impact Assessment (AIA), helps identify potential biases and discriminatory outcomes that could arise from the AI system. This process involves evaluating the data and the algorithm for fairness, accountability, and transparency. It ensures that any biases in the data are detected and addressed, thus preventing discriminatory practices and promoting ethical AI deployment. Reference: AIGP Body of Knowledge on Ethical AI and Impact Assessments.

When an AI system causessignificant false positives, especially in sensitive contexts likefraud detection, the priority is tohalt harmful activityand perform a full assessment. Continued use without understanding the fault may cause furthercustomer harmand legal exposure.

From theAI Governance in Practice Report 2025:

“Incident management plans should enable identification, escalation, and system rollback to prevent continued harm from malfunctioning AI systems.” (p. 12, 35)

Data aggregators are third parties that collect and license data from various sources. They are responsible for ensuring thelawful collectionandproper usage rightsof the data they distribute — especially when such data is used to train foundational AI models.

From theAI Governance in Practice Report 2025:

“As organizations have neither proximity to how third-party data was first collected nor direct control over the data governance practices of third parties, an organization can benefit from carrying out its own legal due diligence and third-party risk management.” (p. 19)

“Legal due diligence may include verification of the personal data ' s lawful collection by the databroker...” (p. 19)

This confirms thatdata aggregatorsbear the legal and ethical burden to verify that data has been lawfully collected and is appropriately licensed for use, including in AI training.

A. The marketing agencyandD. its clientmay use data, but they rely on upstream providers for its lawful origin.

B. The tech companymay train the model but depends on lawful sourcing by data aggregators.

The primary concern for a company adopting a policy prohibiting the use of generative AI is the risk of accidental disclosure of confidential and proprietary information. Generative AI tools can inadvertently leak sensitive data during the creation process or through data sharing. This risk outweighs the other reasons listed, as protecting sensitive information is critical to maintaining the company’s competitive edge and legal compliance. This rationale is discussed in the sections on risk management and data privacy in the IAPP AIGP Body of Knowledge.

To mitigate the risk of reputational harm from using an AI hiring tool, XYZ Corp should rigorously test the AI tool both before and after deployment. Pre-deployment testing ensures the tool works correctly and does not introduce bias or other issues. Post-deployment testing ensures the tool continues to operate as intended and adapts to any changes in data or usage patterns. This approach helps to identify and address potential issues proactively, thereby reducing the risk of reputational harm. Ensuring the vendor assumes responsibility for damages (B) does not address the root cause of potential issues, selecting the most economical tool (C) may compromise quality, and continuing manual screening (D) defeats the purpose of using the AI tool​​​​.

The correct answer is D because one of the most significant risks associated with generative AI is the potential leakage of sensitive, confidential, or proprietary information. AI governance frameworks emphasize data protection, confidentiality, and secure data handling as critical organizational responsibilities. When employees input sensitive data into generative AI tools, especially external or third-party systems, that information may be stored, reused, or exposed unintentionally. This creates legal, regulatory, and reputational risks. As a result, organizations may restrict or prohibit generative AI use to prevent unauthorized data disclosure. The other options relate to operational or business considerations, which are not primary governance drivers. Protecting sensitive information aligns with core AI governance principles such as privacy, security, and risk mitigation, making it the strongest justification for such a policy.

The correct answer is C. This option concerns consent, which is generally a privacy, transparency, or institutional governance issue rather than a copyright issue. Copyright risk in AI governance usually relates to whether protected third party works were used in model training, whether generated outputs may reproduce copyrighted expression, and whether content is created without proper attribution or clear ownership boundaries. That makes options A, B, and D directly relevant to copyright and intellectual property concerns. In contrast, whether students must expressly consent deals with notice, fairness, and lawful or ethical use in an educational environment. For AIGP exam purposes, it is important to separate intellectual property risks from privacy and data protection obligations, even when both appear in the same classroom or organizational AI use case.

The correct answer is.C This action ties directly into principles of data minimization, purpose limitation, and lawfulness of processing, which are central to privacy and AI governance.

From the AIGP Body of Knowledge, Section on Privacy Considerations:

“Personal data must only be processed for specified and lawful purposes. Organizations must consider whether they have a legal basis for processing such data under data protection laws like the GDPR or CCPA.”

Additionally, AI Governance in Practice Report 2025 emphasizes:

“One of the most significant challenges when designing and developing AI systems is ensuring the data used is appropriate for the intended purpose… Managing unnecessary data, especially data that may contain sensitive attributes, can increase risk.”

===========